| Page(s) : 1 ... 63 64 65 66 67 68 69 70 71 72 [73] 74 75 76 77 78 79 80 81 82 83 ... | Result(s) : 312940 |
Alerts
| DATE | NAME | CATEGORIES | DETAIL | |
|---|---|---|---|---|
| N/A | 2025-03-20 | CVE-2024-10272 | cve | lunary-ai/lunary is vulnerable to broken access control in the latest version. An attacker can view the content of any dataset without any kind of authorization by sending a GET... |
| N/A | 2025-03-20 | CVE-2024-10273 | cve | In lunary-ai/lunary v1.5.0, improper privilege management in the models.ts file allows users with viewer roles to modify models owned by others. The PATCH endpoint for models do... |
| N/A | 2025-03-20 | CVE-2024-10274 | cve | An improper authorization vulnerability exists in lunary-ai/lunary version 1.5.5. The /users/me/org endpoint lacks adequate access control mechanisms, allowing unauthorized user... |
| N/A | 2025-03-20 | CVE-2024-10275 | cve | In version 1.5.5 of lunary-ai/lunary, a vulnerability exists where admins, who do not have direct permissions to access billing resources, can change the permissions of existing... |
| N/A | 2025-03-20 | CVE-2024-10330 | cve | In lunary-ai/lunary version 1.5.6, the `/v1/evaluators/` endpoint lacks proper access control, allowing any user associated with a project to fetch all evaluator data regardless... |
| N/A | 2025-03-20 | CVE-2024-10359 | cve | In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipulate the user ID field through mass assignment. T... |
| N/A | 2025-03-20 | CVE-2024-10361 | cve | An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /api/files endpoint. This vulnerability arises from improper... |
| N/A | 2025-03-20 | CVE-2024-10363 | cve | In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability. Users can share, use, and create prompts without being granted permission by the ad... |
| N/A | 2025-03-20 | CVE-2024-10366 | cve | An improper access control vulnerability (IDOR) exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether ... |
| N/A | 2025-03-20 | CVE-2024-10457 | cve | Multiple Server-Side Request Forgery (SSRF) vulnerabilities were identified in the significant-gravitas/autogpt repository, specifically in the GitHub Integration and Web Search... |
| N/A | 2025-03-20 | CVE-2024-10481 | cve | A CSRF vulnerability exists in comfyanonymous/comfyui versions up to v0.2.2. This vulnerability allows attackers to host malicious websites that, when visited by authenticated C... |
| N/A | 2025-03-20 | CVE-2024-10513 | cve | A path traversal vulnerability exists in the 'document uploads manager' feature of mintplex-labs/anything-llm, affecting the latest version prior to 1.2.2. This vulner... |
| N/A | 2025-03-20 | CVE-2024-10549 | cve | A vulnerability in the `/3/Parse` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint uses a user-specified string to construct a ... |
| N/A | 2025-03-20 | CVE-2024-10550 | cve | A vulnerability in the `/3/ParseSetup` endpoint of h2oai/h2o-3 version 3.46.0.1 allows for a denial of service (DoS) attack. The endpoint applies a user-specified regular expres... |
| N/A | 2025-03-20 | CVE-2024-10553 | cve | A vulnerability in the h2oai/h2o-3 REST API versions 3.46.0.4 allows unauthenticated remote attackers to execute arbitrary code via deserialization of untrusted data. The vulner... |
| N/A | 2025-03-20 | CVE-2024-10569 | cve | A vulnerability in the dataframe component of gradio-app/gradio (version git 98cbcae) allows for a zip bomb attack. The component uses pd.read_csv to process input values, which... |
| N/A | 2025-03-20 | CVE-2024-10572 | cve | In h2oai/h2o-3 version 3.46.0.1, the `run_tool` command exposes classes in the `water.tools` package through the `ast` parser. This includes the `XGBoostLibExtractTool` class, w... |
| N/A | 2025-03-20 | CVE-2024-10624 | cve | A Regular Expression Denial of Service (ReDoS) vulnerability exists in the gradio-app/gradio repository, affecting the gr.Datetime component. The affected version is git commit ... |
| N/A | 2025-03-20 | CVE-2024-10648 | cve | A path traversal vulnerability exists in the Gradio Audio component of gradio-app/gradio, as of version git 98cbcae. This vulnerability allows an attacker to control the format ... |
| N/A | 2025-03-20 | CVE-2024-10650 | cve | An unauthenticated Denial of Service (DoS) vulnerability was identified in ChuanhuChatGPT version 20240918, which could be exploited by sending large data payloads using a multi... |
| Page(s) : 1 ... 63 64 65 66 67 68 69 70 71 72 [73] 74 75 76 77 78 79 80 81 82 83 ... | Result(s) : 312940 |
